Can someone point out or help with a step by step guide to setting up Galera to use stunnel for rsync sst?
I was following the instructions here:
and my main doubts are:
1. Does stunnel itself have to be configured and if so is it the same configuration on all galera nodes?
2. Does stunnel have to be running as a service on any of the galera nodes?
3. Does the configuration shown in the galera documentation
[sst] tkey = /etc/my.cnf.d/certificates/client-key.pem tcert = /etc/my.cnf.d/certificates/client-cert.pem
have to be done on all the galera nodes?
4. Do the above key and cert have to be the same (or have to be different) on all galera nodes?
5. more of a stunnel question, but following the link from the galera documentation to the stunnel documentation for certificate generation,
I got stuck on this command which no longer works on openssl 126.96.36.199:
openssl gendh 2048 >> stunnel.pem
Any idea on what has replaced it?
Thanks for any help.